| To: | Chris Wright <chrisw@xxxxxxxx> |
|---|---|
| Subject: | Re: [RFC][PATCH 1/3] netlink check sender |
| From: | Stephen Smalley <sds@xxxxxxxxxxxxx> |
| Date: | Mon, 14 Feb 2005 08:05:20 -0500 |
| Cc: | netdev@xxxxxxxxxxx, davem@xxxxxxxxxxxxx, James Morris <jmorris@xxxxxxxxxx>, "Serge E. Hallyn" <serue@xxxxxxxxxx> |
| In-reply-to: | <1108385999.15437.18.camel@moss-spartans.epoch.ncsc.mil> |
| Organization: | National Security Agency |
| References: | <20050212010109.V24171@build.pdx.osdl.net> <20050212010243.W24171@build.pdx.osdl.net> <1108385999.15437.18.camel@moss-spartans.epoch.ncsc.mil> |
| Sender: | netdev-bounce@xxxxxxxxxxx |

On Mon, 2005-02-14 at 07:59, Stephen Smalley wrote:
> printk() is a leftover from debugging, I assume.
> Why place the check_sender() call here vs. just replacing the existing
> security_netlink_send() call in netlink_sendmsg() with this new call?

Sorry, replacing security_netlink_send() would be bad (for SELinux checking), but I'm not clear on why you don't put the check_sender() call right after it in netlink_sendmsg() so that you ensure that you have complete coverage (vs. unicast-specific).

--
Stephen Smalley <sds@xxxxxxxxxxxxx>
National Security Agency